The present invention is directed, in general, to the field of computer networking, and, specifically, to a mechanism that provides secure open tendering in an electronic business environment.
Broadly speaking, electronic business can be thought of as any type of commercial transaction, or part of a transaction, carried on through a computer network, a configuration of data processing. Computer networks can be classified according to the extent of their security. Open networks, such as the Internet, do not have in place any intentional impediments to the free flow of information. (Network traffic and the limitations of hardware may slow or even stop a transmission, but this is random and unintentional.)
On the other extreme, completely closed networks provide communication for a defined group of users over dedicated hardware with no external linkage. Most networks used today by commercial enterprises such as businesses and governments have external communication links to the Internet, but protect internal files and databases from external users with special filtering software usually referred to as a "firewall". Provided the firewall software is robust enough to withstand "hacking" from external users, users on the internal network can safely access the Internet.
Businesses or governments may extend their closed network connections to their trading partners (e.g., suppliers) to allow the partners to gain limited access to their internal network resources, such as an inventory database, so that adequate inventory levels can be maintained.
Improvements in computer hardware and software have made the Internet and other "open" networks an increasingly attractive arena for conducting electronic commercial transactions. Unlike closed systems, dedicated communication links are not required, and a potentially greater "audience" (customers, suppliers, etc.) can be reached.
One area of significant development over the past few years has been in the area of securing transmissions against interception or corruption (tampering) by so-called "hackers" or other third parties not intended as recipients. This is an absolute pre-requisite to any communication of a commercial nature, since these can involve the transmission of sensitive financial information, from consumer credit card numbers to preferential customer pricing, or of information that requires accuracy, such as product orders and bid tenders.
To conduct secure communications, authentication and encryption technologies are required. Authentication provides proof to a network that a network entity (e.g., a network user or a network client) is indeed the one it claims to be. Encryption prevents a network entity from accessing confidential information that it is not authorized to access.
Third party authentication is one way to secure communications between a client and server over an open network. One well known trusted third party authentication protocol is the "Kerberos" model developed by MIT. (See for example J. G. Steiner, B. C. Neuman, and J. I. Schiller, "Kerberos: Authentication service for open network systems," USENIX Conference Proceedings, February 1988, pp. 191-202; and J. T. Kohl, "The evolution of the Kerberos authentication service," EurOpen Conference Proceedings, May 1991, pp. 295-313.) In the Kerberos model, in order to secure communications to a server, the client first contacts a Key Distribution Centre (KDC), identifying itself and presenting a nonce (a non-repeating identifier), to request credentials for use with the particular server. The KDC assembles a response that includes a session key, the nonce and a ticket. The ticket identifies the client, specifies the session key and lists start and expiration times for use of the ticket, and is encrypted by the KDC using a key shared with the server. The KDC returns the response to the requesting client, which decrypts it, checks the nonce and caches the ticket for future use. When the client wants to communicate with the server, it presents the ticket and a freshly-generated authenticator to the server. On receipt, the server decrypts the ticket using the key it shares with the KDC, and uses the session key from the ticket to verify the client's identity and that the time stamp is current.
Kerberos is based on Needham and Schroeder's much earlier work on trusted third party protocols: R. M. Needham and M. D. Schroeder, "Using encryption for authentication in large networks of computers," Communications of the ACM, Vol. 21, No. 21, December 1978, pp. 993-999; and R. M. Needham and M. D. Schroeder, "Authentication Revisited," Operating Systems Review, Vol. 21, No. 1, January 1987, p. 7.
Communications can be encrypted using any standard or non-standard encryption algorithm, such as the algorithms defined in the Data Encryption Standard (DES), triple DES, the International Data Encryption Algorithm (IDEA), and RC2 and RC4 developed by RSA Data Security Inc. These encryption algorithms are known as symmetric key encryption algorithms since both sending and receiving parties share the same encryption key. The encryption key must be communicated secretly between sending and receiving parties, and the key must be kept secret. Associated with symmetric key encryption there is key management, which handles issues such as how keys are created, distributed, stored, and destroyed. Key management can be a problem, particularly when one client or server has millions of correspondents; the distribution and management of the symmetric encryption keys can be a nightmare.

The invention of public key crypto-systems has resolved this problem. Public key crypto-systems are also known as asymmetric key systems since encryption keys are different from decryption keys. In a public key crypto-system there is a key pair: one key is known as the public key, and the other is the private key. The public key, as its name suggests, is made public so that everyone who wishes to access it can do so. The private key is kept secret. If A wants to encrypt data and send it to B, A first finds B's public key, encrypts the data using that public key, then sends the encrypted data to B. B can decrypt the encrypted data using its private key. Since only B knows its private key, no one else can decrypt the encrypted data. Therefore, the confidentiality of the data is well kept. Since current public key encryption and decryption is inefficient compared with symmetric key encryption, a common approach is to create a symmetric key, known as a session key, to encrypt the data, and to use the public key of the receiving party to encrypt the session key.
After receiving the encrypted session key and the encrypted data, the receiving party first decrypts the encrypted session key using its private key. Then, it decrypts the encrypted data using the session key. To be able to deploy public key systems, a public key infrastructure (PKI) is required, which enables communicating parties to register themselves and obtain their own and others' certificates; these certificates contain public keys and are vouched for by the public key issuer, known as the certificate authority (CA).
To conduct electronic transactions over an open network, secure payment is required. Secure payment deals with potentially millions of customers who buy things over the Internet. Different secure payment protocols have been developed in the past few years. For example, IBM has developed a secure payment protocol called iKP (Internet Keyed Payment Protocol), which deals with a set of payment mechanisms such as credit and debit card transactions as well as electronic check clearing. Based on iKP, with assistance from IBM, GTE, Microsoft, Netscape, SAIC, Terisa, and Verisign, Visa and MasterCard have developed a secure payment protocol known as Secure Electronic Transaction (SET), as a method to secure payment card transactions over the Internet. Microsoft and Visa International have also developed a protocol called Secure Transaction Technology (STT), to handle secure payment with bank cards over the Internet.
International Application WO 97/415 for a "System and Method for Secure Network Electronic Payment and Credit Card Collection" of Verifone, Inc., is directed to permitting immediate deployment of a secure payment technology and architecture such as the SET architecture without first establishing a public key encryption infrastructure for use by consumers. The system set out in WO 97/415 involves three parties, customer, merchant, and payment gateway, and relies heavily on Secure Socket Layer (SSL) to perform the communication and negotiation between the parties. Once PKI is established, it would appear that the system set forth in WO 97/415 is no longer required.
With improved security, the Internet has become a more reliable and accepted transmission medium for all types of commercial transactions.
The use of open networks for tendering bid proposals in response to a call for tender is a natural extension of electronic commerce, particularly where security measures such as encryption, third party authentication and PKI are already available. An invitation to tender electronically is usually not different from more traditional formats; a non-extendible submission deadline is set for receipt of sealed bids, and only those tenders filed by the deadline are considered.
However, one issue that arises in electronic tendering, not present in other areas of electronic commerce, is the requirement for the tendering process to be fair, particularly where public money is involved (i.e., the invitation to tender comes from a government or other public body). Where traditional non-electronic methods of bidding are used, tenders received are not opened immediately, but are stored in a secure location (a locked box), often with a trusted third party such as an accounting firm, to be opened after the time for bid submission has closed.
The challenge in the context of electronic procurement is to provide a secure environment analogous to a "locked box" for receipt of electronic bids, that can be entrusted to a third party, if desired. The locked information must not be accessible to the third party, or to the party inviting tenders, at least until the tender deadline has expired.
It is therefore an object of the present invention to provide secure open tendering in the area of electronic procurement.
It is also an object of the invention to provide a secure open tendering protocol which does not require a third party holding the bid proposals to be a trusted third party.
Another object of the invention is to provide an electronic tendering system in which:
1. the party requesting tenders (e.g., a government agency) cannot see the contents of bid proposals until the tender is closed;
2. a third party holding the submitted bids does not see the bid proposals at all where the third party is not a trusted third party; and
3. no vendor (bidder) can see the content of any other vendor's bid proposal.
In accordance with these and other objects, the invention provides a lock box mechanism for safely storing electronic bid proposals submitted by vendors during open tendering over a network. The mechanism consists of the following elements: (i) a first encryption key, shared only between a vendor and a third party authenticator during the open tendering, which is used by the vendor for transforming a bid proposal to an inaccessible form prior to submitting the bid proposal to a bid requester; (ii) means held privately by the bid requester for rendering the bid proposal inaccessible to the third party authenticator following submission by the vendor; and (iii) an electronic repository for storing the submitted bid proposal until expiry of the open tendering. According to one aspect, the bid requester has direct access to the electronic repository while the third party authenticator does not, and preferably, the bid requester notifies the third party authenticator of receipt of bid proposals. According to another aspect, the third party authenticator has access to the electronic repository and the bid requester does not. Then, preferably, the bid requester double-encrypts bid proposals it receives using its privately-held encryption key, and forwards the double-encrypted bid proposals on to the third party authenticator for storage.
The invention also provides a method for providing secure electronic tendering in an open network. On the bid requester's side, this method consists of publishing an invitation to tender electronic bid proposals (the invitation includes a requirement to encrypt bid proposals prior to submission using encryption keys generated from a specified authentication source), receiving encrypted bid proposals and rendering their contents inaccessible to the specified authentication source, and, on closure of the tendering, obtaining the encryption keys from the specified authentication source for accessing the bid proposals. On the side of the third party authenticator, the method consists of generating an encryption key for a vendor, for encrypting a bid proposal to be submitted by the vendor to the bid requester in response to a request, maintaining the vendor encryption key secret until notified of expiry of the open tender, and, on the expiry of the open tender, forwarding the encryption key to the bid requester.
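The lock box mechanism and the two-sided method described above, played out as an added example in Go. This is illustrative code written for this page, not code from the patent or from any product implementing it, and it makes assumptions the patent leaves open: AES-256-GCM is used for both encryption layers (the patent names no particular cipher; GCM is chosen so that a wrong key or a tampered bid is rejected rather than silently decrypted to garbage), the three roles run as in-process objects instead of network parties, the vendor is assumed to receive its key from the authenticator over an already-secured channel (not shown), and the sample bid text, the vendor name "acme" and all function names are constructed for the example. The layout follows the first aspect (the bid requester keeps the repository and notifies the authenticator of closure); the requester's second encryption layer is its "means held privately" for keeping the bid from the authenticator, and under the second aspect the same double-encrypted object would simply be forwarded to the authenticator for storage instead. It also illustrates the symmetric session-key usage from the encryption background, without the public-key wrapping of the key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Each lock-box layer is AES-256-GCM (an assumption of this example); every key used here is 32 random bytes.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail: AES blocks are always 16 bytes
	return gcm
}

// seal prepends a fresh random nonce to the GCM ciphertext.
func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open fails the GCM tag check on a wrong key or a tampered ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Authenticator is the third party: one key per vendor, all withheld until closure.
type Authenticator struct {
	vendorKeys map[string][]byte
	closed     bool
}

func (a *Authenticator) IssueKey(vendor string) []byte {
	a.vendorKeys[vendor] = randBytes(32)
	return a.vendorKeys[vendor]
}

func (a *Authenticator) ReleaseKey(vendor string) ([]byte, error) {
	k, ok := a.vendorKeys[vendor]
	if !a.closed || !ok {
		return nil, errors.New("key withheld: tender still open or vendor unknown")
	}
	return k, nil
}

// Requester holds a private key the authenticator never sees and the bid repository.
type Requester struct {
	privateKey []byte
	repository map[string][]byte
}

// Submit adds the requester's own layer, so neither party alone can read a stored bid.
func (r *Requester) Submit(vendor string, encryptedBid []byte) {
	r.repository[vendor] = seal(r.privateKey, encryptedBid)
}

// OpenBid peels both layers; it can only succeed once the vendor key is released.
func (r *Requester) OpenBid(vendor string, a *Authenticator) ([]byte, error) {
	vendorKey, err := a.ReleaseKey(vendor)
	if err != nil {
		return nil, err
	}
	inner, err := open(r.privateKey, r.repository[vendor])
	if err != nil {
		return nil, err
	}
	return open(vendorKey, inner)
}

// RunTender runs the whole exchange on a constructed bid and reports whether an early opening was refused and what the requester reads after closure.
func RunTender() (refusedEarly bool, bidAfterClose string, err error) {
	auth := &Authenticator{vendorKeys: map[string][]byte{}}
	req := &Requester{privateKey: randBytes(32), repository: map[string][]byte{}}
	bid := []byte("ACME Corp bids 1,250,000 for contract T-42") // constructed sample
	vendorKey := auth.IssueKey("acme")       // vendor obtains its key from the authenticator
	req.Submit("acme", seal(vendorKey, bid)) // vendor encrypts, then submits
	_, early := req.OpenBid("acme", auth)    // before the deadline: key withheld
	refusedEarly = early != nil
	auth.closed = true // the requester notifies the authenticator that the tender closed
	opened, err := req.OpenBid("acme", auth)
	return refusedEarly, string(opened), err
}
```

Calling RunTender returns true (the early opening attempt was refused), the original bid text, and a nil error. Note what each party holds while the tender is open: the requester has only ciphertext it cannot finish unwrapping, the authenticator has a key but no access to the repository, and a vendor never sees another vendor's key, which is exactly the three-way separation the objects above call for.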